Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svchost virus in SysWOW64


  • Please log in to reply
2 replies to this topic

#1 Ruskiyvix

Ruskiyvix

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:48 AM

Posted 22 January 2017 - 08:16 AM

Recently I downloaded a file which proceeded to install a tonne of unwanted crap on my computer. I deleted most of it via Add or Remove programs, but after doing some digging I found something a bit worse.

In Task Manager, I see this:
http://oi65.tinypic.com/709cp4.jpg
http://oi66.tinypic.com/28wjifs.jpg

If I check Services, I find this:
http://oi66.tinypic.com/2i20804.jpg
'Cloud service of Eqghclamecult' is probably not something that's supposed to be there.

So I went to remove it from SysWOW64 manually (as far as I know, the only svchost you're supposed to have is in System32).

Trying to remove it got me this:
http://oi63.tinypic.com/111pmaw.jpg
http://oi67.tinypic.com/2vkdkdd.jpg
http://oi63.tinypic.com/2d297ut.jpg

Can't seem to change permissions in order to delete it, Windows Defender doesn't recognize it as a virus either.
I'm also getting a tonne of popup windows, most of which Firefox blocks from opening, but plenty still get through. They appear even when I click on a blank part of a webpage where no link is present.
So yeah, any help would be great :) Thanks


Edited by computerxpds, 22 January 2017 - 10:56 AM.
Moved to AII from Windows 10 support forum


BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,608 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:18 AM

Posted 22 January 2017 - 10:54 AM

Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
adwcleaner11_zps48314883.png
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.
 
If there are no malicious programs are found you will receive the following message.
 
adwcleaner%20111_zpsiduqrrrp.png  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and the paste this log in your topic.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 rarson

rarson

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:18 PM

Posted 23 January 2017 - 01:01 PM

svchost.exe is a Windows process. The SysWow64 folder contains 32-bit system files, so it should be there.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users